问题
Hey I was using parametrized queries for my application wich worked just fine but now (I don't know why) they aren't replaced anymore with the values...
So instead of running something like "SELECT [TABLE_NAME] FROM [MyDefinetelyExistingDatabase]"; it tries to execute "SELECT [TABLE_NAME] FROM [@targetDatabase]"; wich, of course, will fail.
var dataBaseToGetTablesFrom = "MyDefinetelyExistingDatabase";
var results = new List<string>();
const string query = @"SELECT
[TABLE_NAME] AS tableName
FROM
[@targetDatabase].[INFORMATION_SCHEMA].[TABLES] ;";
using (var context = new ConnectionHandler(true))
{
if (context.Connection.State != ConnectionState.Open)
throw new ConnectionFailedException(context.Connection.State);
using (var command = new SqlCommand(query, context.Connection))
{
command.Parameters.AddWithValue("@targetDatabase", dataBaseToGetTablesFrom);
using (var reader = command.ExecuteReader())
{
if (!reader.HasRows)
return results.ToArray();
while (reader.Read())
results.Add(reader.GetString(0));
}
}
}
return results.ToArray();
I now tried different formats and things to add the parameters but it results in the same...
I don't want to do this by inserting the values into the query directly via string.Format eg but I want to have those parameters (wich work properly at different places in the code (???) but not where I want.
In fact, I need to use parameters in every statement and must be able to adress different databases by calling them like [DB].[Table-Schema].[Table]
[EDIT]
Hey guys, figured the problem some days ago and thought I share it with you. As far as I have noticed, my problem at the whole was to try to replace the databasename and / or in some other examples, the table name as well. So this won't work which makes clearly sense to me as the server can't prepare to execute a statement if it doesn't even know on which table it should work and therefore doesn't know anything about the structure etc. :D
So I changed my statements to fit my new knowledge and it worked as excpected like a charm.
回答1:
You would need dynamic sql for this something like.....
DECLARE @Sql NVARCHAR(MAX);
SET @Sql = N' SELECT [TABLE_NAME] AS tableName '
+ N' FROM ' + QUOTENAME(@targetDatabase) + N'.[INFORMATION_SCHEMA].[TABLES]'
Exec sp_executesql @Sql
回答2:
I don't know what ConnectionHandler is, but if that is your own code you can implement it with SqlConnectionStringBuilder which will allow you to use a variable to assign the InitialCatalog instead of putting the database name in the query. This would be preferable to dynamic sql which requires careful sanitization.
来源:https://stackoverflow.com/questions/32184389/c-sharp-using-sql-parameters-which-now-wont-work